fix: stabilize flux and external secrets reconciliation

2026-03-09 02:25:27 +00:00
parent 6f2e056b98
commit 646ef16258
7 changed files with 6498 additions and 1 deletions
--- a/clusters/prod/flux-system/gotk-components.yaml
+++ b/clusters/prod/flux-system/gotk-components.yaml
--- a/clusters/prod/flux-system/gotk-controller-cp1-patches.yaml
+++ b/clusters/prod/flux-system/gotk-controller-cp1-patches.yaml
@@ -0,0 +1,43 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: source-controller
+  namespace: flux-system
+spec:
+  template:
+    spec:
+      nodeSelector:
+        kubernetes.io/hostname: k8s-cluster-cp-1
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kustomize-controller
+  namespace: flux-system
+spec:
+  template:
+    spec:
+      nodeSelector:
+        kubernetes.io/hostname: k8s-cluster-cp-1
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: helm-controller
+  namespace: flux-system
+spec:
+  template:
+    spec:
+      nodeSelector:
+        kubernetes.io/hostname: k8s-cluster-cp-1
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: notification-controller
+  namespace: flux-system
+spec:
+  template:
+    spec:
+      nodeSelector:
+        kubernetes.io/hostname: k8s-cluster-cp-1
--- a/clusters/prod/flux-system/kustomization.yaml
+++ b/clusters/prod/flux-system/kustomization.yaml
@@ -1,6 +1,9 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+  - gotk-components.yaml
  - gitrepository-platform.yaml
  - kustomization-infrastructure.yaml
  - kustomization-apps.yaml
+patchesStrategicMerge:
+  - gotk-controller-cp1-patches.yaml
--- a/infrastructure/addons/external-secrets/helmrelease-external-secrets.yaml
+++ b/infrastructure/addons/external-secrets/helmrelease-external-secrets.yaml
@@ -23,5 +23,14 @@ spec:
      retries: 3
  values:
    installCRDs: true
+    nodeSelector:
+      kubernetes.io/hostname: k8s-cluster-cp-1
+    webhook:
+      failurePolicy: Ignore
+      nodeSelector:
+        kubernetes.io/hostname: k8s-cluster-cp-1
+    certController:
+      nodeSelector:
+        kubernetes.io/hostname: k8s-cluster-cp-1
    serviceMonitor:
      enabled: false
--- a/infrastructure/addons/external-secrets/kustomization.yaml
+++ b/infrastructure/addons/external-secrets/kustomization.yaml
@@ -4,4 +4,3 @@ resources:
  - namespace.yaml
  - helmrepository-external-secrets.yaml
  - helmrelease-external-secrets.yaml
-  - clustersecretstore-doppler-hetznerterra.yaml
--- a/infrastructure/kustomization-secrets.yaml
+++ b/infrastructure/kustomization-secrets.yaml
@@ -0,0 +1,16 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: secrets
+  namespace: flux-system
+spec:
+  interval: 10m
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: platform
+  path: ./infrastructure/secrets
+  dependsOn:
+    - name: addon-external-secrets
+  wait: true
+  timeout: 5m
--- a/infrastructure/kustomization.yaml
+++ b/infrastructure/kustomization.yaml
@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
  - addons
+  - kustomization-secrets.yaml